httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mathihalli, Madhusudan" <mad...@hp.com>
Subject RE: mod_ssl not sending Alert upon close ?
Date Thu, 05 Feb 2004 19:06:57 GMT
Hi,
	It's been a while since I played with the Apache code, and it'll be nice if somebody can
help me here.

I put some debug statements in the ssl_engine_io.c - in bio_filter_out_write() and bio_filter_in_read()
to see if the alert message is actually being sent, and got the following output:

bio_filter_out_write: trying to write inl: 900 (length 0 blen 0)
bio_filter_out_write: buffering data (NO WRITE YET)
bio_filter_out_flush: trying to flush blen: 900
bio_filter_out_write: trying to write inl: 67 (length 0 blen 0)
bio_filter_out_write: buffering data (NO WRITE YET)
bio_filter_out_flush: trying to flush blen: 67
(70014)End of file found: bio_filter_in_read: got EOF - returning -1 (at the end)
(70014)End of file found: SSL input filter read failed.
------>> Does the socket fd get closed at this point ?
bio_filter_out_write: trying to write inl: 23 (length 0 blen 0)
bio_filter_out_write: buffering data (NO WRITE YET)
------>> This is the close notify message that SSL_set_shutdown() was trying to send
- but it never gets sent because the message is buffered. Maybe we need to revisit the logic
of bio_filter_out_write() ?

Connection to child 0 closed with standard shutdown(server lugia.cup.hp.com:443, client 15.0.70.188)


I tried changing the logic in bio_filter_out_write() to send the data as it comes (instead
of buffering it,and forcing through flush) - but when we try to send the close notify message,
we get the error "Bad file number" => which means that the socket got closed before SSL_shutdown
was issued ?

-Madhu

>-----Original Message-----
>From: Mathihalli, Madhusudan 
>Sent: Wednesday, February 04, 2004 6:08 PM
>To: dev@httpd.apache.org
>Subject: RE: mod_ssl not sending Alert upon close ?
>
>
>
>>-----Original Message-----
>>From: Geoff Thorpe [mailto:geoff@geoffthorpe.net]
>>Sent: Wednesday, February 04, 2004 5:56 PM
>>To: dev@httpd.apache.org
>>Cc: Mathihalli, Madhusudan
>>Subject: Re: mod_ssl not sending Alert upon close ?
>>
>>
>>On February 4, 2004 04:39 pm, Mathihalli, Madhusudan wrote:
>>> Hi,
>>> 	I was playing with ssldump for the data transferred b/w 
>>browser and
>>> Apache (2.0.48) - and realized that the Apache2 (+ mod_ssl) does not
>>> send the Alert message to the client before closing the connection.
>>
>>Funnily enough, I was just stewing on a similar problem with 
>openssl's 
>>builtin "s_server" application - in that case, the braindamage is in 
>>s_server.c's use of "SSL_CTX_set_quiet_shutdown(ctx,1)". 
>>Perhaps apache2 
>>is doing the same thing?
>>
>
>I don't think thatz the case - apache2 is NOT doing 
>quiet_shutdown. When I enabled logging of wbio, it appears 
>that it's sending the close notify - but the client doesn't see it.
>
>I'm suspecting if we have to flush manually after doing a 
>SSL_set_shutdown(), because there's some special logic in 
>bio_filter_out_write().
>
>-Madhu
>

Mime
View raw message